AMENDMENT(S) TO THE CLAIMS 

Claims 1-48 are pending. 

Claims 1, 19, 20, 37, and 38 have been amended. 

Claim 5 has been cancelled. 

Claims 1-4, and 6-48 remain pending. 

1 . (Currently Amended) A method of processing multiple types of security 
schemes , comprising: 

receiving a message having an associated token, wherein the token is associated 
with a subject; 

authenticating t he token by extracting obtaining a first claim and a second claim 
from the token, wherein the first and second claims comprise elaim - eompHs es a statement 
about the subject; and 

grouping the first and second claims into a claim collec tion by selectively 
mapping the first claim to [[a]] the second claim ; and 

authorizing the first and second claims by mapping them to other claims . 

2. (Original) The method of claim 1 , further comprising obtaining another claim 
from the token. 

3. (Original) The method of claim 1, further comprising rejecting the message as 
a function of the first claim. 
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4. (Original) The method of claim 1 , further comprising rejecting the message as 
a function of the second claim. 

5. (Cancelled) 

6. (Original) The method of claim 1, further comprising obtaining a resource 
identifier from the message. 

7. (Original) The method of claim 6, wherein obtaining the resource from the 
message comprises applying an XPath expression. 

8. (Original) The method of claim 6, wherein the resource identifier comprises a 
property of the message. 

9. (Currently Amended) The method of claim 1, further comprising obtaining 
a resource identifier from the message a computing system p e rforming th e m e thod . 

10. (Original) The method of claim 9, wherein the resource identifier comprises a 
property of the computing system's runtime environment. 

1 1 . (Original) The method of claim 9, wherein a resource corresponding to the 
resource identifier is stored by the computing system. 
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12. (Original) The method of claim 1, further comprising sending a return 
message to a sender of the message, wherein the return message includes information 
regarding the second claim. 

13. (Original) The method of claim 12, wherein the information regarding the 
second claim comprises the second claim. 

14. (Original) The method of claim 1, further comprising obtaining a third claim 
from the first claim. 

15. (Original) The method of claim 1, further comprising obtaining a third claim 
from the second claim. 

16. (Original) The method of claim 1, further comprising selectively rejecting the 
first claim. 

17. (Original) The method of claim 1, wherein the token is received out-of-band 
from the message. 

18. (Original) The method of claim 1, further comprising sending the message, 
the token and a second token to another entity, wherein the second token includes 
information related to the second claim. 
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19. (Currently Amended) A machine computer readable storage medium 
having comprising computer readable instructions that, when executed by a processor, 
performs for performing the method of claim 1 . 

20. (Currently Amended) A system configured to process multiple types of 
security schemes, the system comprising: 

one or more computer processors; and 

one or more computer readable storage media, executable by the one or more 
computer processors, to store: 

a first module to extract obtaining a first claim and a second claim from a 
token associated with a message, wherein the message has an associated subject 
and the first and second claims comprise claim comprises a statement related to 
the subject; and 

a second module to selectively map the first claim to [[a]] die second 

claim. 

21. (Original) The system of claim 20 further comprising a third module to 
determine as a function of the first claim whether the message is to be rejected. 

22. (Original) The system of claim 20, further comprising a third module to 
determine as a function of the second claim whether the message is to be rejected. 
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23. (Original) The system of claim 20, further comprising a module to form a 
claim collection that includes the first and second claims. 

24. (Original) The system of claim 20, further comprising a module to selectively 
obtain a resource identifier from the message. 

25. (Original) The system of claim 24, wherein the module to obtain the resource 
identifier from the message is to selectively apply an XPath expression to obtain the 
resource identifier. 

26. (Original) The system of claim 24, wherein the resource identifier comprises a 
property of the message. 

27. (Original) The system of claim 20, further comprising a module to selectively 
obtain a resource identifier from a computing system in which the first and second 
modules reside. 

28. (Original) The system of claim 27, wherein the resource identifier comprises a 
property of the computing system's runtime environment. 

29. (Original) The method of claim 27, wherein a resource corresponding to the 
resource identifier is stored by the computing system. 
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30. (Original) The system of claim 20, further comprising a module to selectively 
send a return message to a sender of the message, wherein the return message includes 
information regarding the second claim. 

31. (Original) The system of claim 30, wherein the information regarding the 
second claim comprises the second claim. 

32. (Original) The system of claim 20, wherein the second module is to 
selectively obtain a third claim from the first claim. 

33. (Original) The system of claim 20, wherein the second module is to 
selectively obtain a third claim from the second claim. 

34. (Original) The system of claim 20, wherein the second module is to 
selectively reject the first claim. 

35. (Original) The system of claim 20, wherein the first module is to receive the 
token out-of-band from the message. 

36. (Original) The system of claim 20, further comprising a module to send the 
message, the token and a second token to another entity, wherein the second token 
includes information related to the second claim. 



r -rf HON " 1 



37. (Cancelled) 



38. (Currently Amended) A machin e computer -readable storage medium 
storing computer-executable instructions that, when executed by a processor, performs 
acts comprising having components, comprising : 

means for receiving a message having an associated token, wherein the token is 
associated with a subject; 

means for obtaining a first claim and a second claim from the token, wherein the 
first and second claims comprise claim comprises a statement about the subject; and 

m e ans for selectively mapping the first claim to [[a]] the second claim. 

39. (Currently Amended) The machine computer -readable storage medium of 
claim 38, further comprising means for rejecting the message as a function of the first 
claim. 

40. (Currently Amended) The machin e computer -readable storage medium of 
claim 38, further comprising m e ans for rejecting the message as a function of the second 
claim. 

41. (Currently Amended) The machine compute-readable storage medium of 
claim 38, further comprising means for obtaining a resource identifier from the message. 
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42. (Currently Amended) The machine computer -readable storage medium of 
claim 38, further comprising means for obtaining a resource from a computing system 
reading the machine-readable medium. 



43. (Currently Amended) The machin e computer-readable storage medium of 
claim 38, further comprising m e ans for sending a return message to a sender of the 
message, wherein the return message includes information regarding the second claim. 



44. (Currently Amended) The machine computer -readable storage medium of 
claim 38, further comprising means for obtaining a third claim from the first claim. 



45. (Currently Amended) The machine computer -readable storage medium of 
claim 44, further comprising means for rejecting the message as a function of the third 
claim. 



46. (Currently Amended) The machine computer -readable storage medium of 
claim 38, further comprising m e ans - f ef obtaining a third claim from the second claim. 

47. (Currently Amended) The machine computer -readable storage medium of 
claim 38, further comprising m e ans for selectively rejecting the first claim. 

48. (Currently Amended) The machin e computer -readable storage medium of 
claim 38, further comprising m e ans for sending the message, the token and a second 
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token to another entity, wherein the second token includes information related to the 
second claim. 
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